Sample code for 30+ languages & platforms
PowerShell

JWE using ECDH-ES+A256KW

See more JSON Web Encryption (JWE) Examples

Create a JWE with the following public/private key pair:
{
    "kty": "EC",
    "d": "jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c",
    "use": "enc",
    "crv": "P-256",
    "kid": "evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs",
    "x": "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM",
    "y": "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4",
    "alg": "ECDH-ES+A256KW"
}

Also shows how to decrypt.

Chilkat PowerShell Downloads

PowerShell
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"

$success = $false

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Create the following JSON:
# {
#     "kty": "EC",
#     "d": "jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c",
#     "use": "enc",
#     "crv": "P-256",
#     "kid": "evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs",
#     "x": "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM",
#     "y": "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4",
#     "alg": "ECDH-ES+A256KW"
# }

$json = New-Object Chilkat.JsonObject
$json.UpdateString("kty","EC")
$json.UpdateString("d","jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c")
$json.UpdateString("use","enc")
$json.UpdateString("crv","P-256")
$json.UpdateString("kid","evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs")
$json.UpdateString("x","LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM")
$json.UpdateString("y","voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4")
$json.UpdateString("alg","ECDH-ES+A256KW")

$pubkey = New-Object Chilkat.PublicKey

$success = $pubkey.LoadFromString($json.Emit())
if ($success -eq $false) {
    $($pubkey.LastErrorText)
    exit
}

# Build our protected header:

# 	{
# 	  "alg": "ECDH-ES+A256KW",
# 	  "enc": "A256GCM",
# 	  "exp": 1621957030,
# 	  "cty": "NJWT",
# 	  "epk": {
# 	    "kty": "EC",
# 	    "x": "QLpJ_LpFx-6yJhsb4OvHwU1khLnviiOwYOvmf5clK7w"
# 	    "y": "AJh7pJ3zZKDJkm8rbeG69GBooTosXJgSsvNFH0i3Vxnu"
# 	    "crv": "BP-256"
# 	  }
# 	}

# Use jwt only for getting the current date/time + 3600 seconds.
$jwt = New-Object Chilkat.Jwt

$jweProtHdr = New-Object Chilkat.JsonObject
$jweProtHdr.UpdateString("alg","ECDH-ES+A256KW")
$jweProtHdr.UpdateString("enc","A256GCM")
$jweProtHdr.UpdateInt("exp",$jwt.GenNumericDate(3600))
$jweProtHdr.UpdateString("cty","NJWT")
$jweProtHdr.UpdateString("epk.kty","EC")
$jweProtHdr.UpdateString("epk.x","LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM")
$jweProtHdr.UpdateString("epk.y","voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4")
$jweProtHdr.UpdateString("epk.crv","P-256")

$jwe = New-Object Chilkat.Jwe
$jwe.SetProtectedHeader($jweProtHdr)
$jwe.SetPublicKey(0,$pubkey)

$plainText = "This is the text to be encrypted."
$strJwe = $jwe.Encrypt($plainText,"utf-8")
if ($jwe.LastMethodSuccess -ne $true) {
    $($jwe.LastErrorText)
    exit
}

$($strJwe)

# Let's decrypt...
$privkey = New-Object Chilkat.PrivateKey

$success = $privkey.LoadJwk($json.Emit())
if ($success -eq $false) {
    $($privkey.LastErrorText)
    exit
}

$jwe2 = New-Object Chilkat.Jwe
$success = $jwe2.LoadJwe($strJwe)
if ($success -eq $false) {
    $($jwe2.LastErrorText)
    exit
}

$jwe2.SetPrivateKey(0,$privkey)

#  Decrypt.
$decryptedText = $jwe2.Decrypt(0,"utf-8")
if ($jwe2.LastMethodSuccess -ne $true) {
    $($jwe2.LastErrorText)
    exit
}

$($decryptedText)